Contribute to canarytail/standard development by creating an account on GitHub.

Blockchain intelligence firm CipherTrace claims banks unknowingly process $2 billion in crypto funds every year, opening themselves up to potential risks.

To check if they're vulnerable or not. Here's a new tool that scans the RDP of your system to explore BlueKeep's vulnerability.

Posted in r/netsec by u/thegeekbin • 29 points and 2 comments

Quick navigation Introduction (this page)Bug #1 – The Python language serverBug #2 – A custom Cloud Shell imageBug #3 – Git cloneBug #4 – Go and get pwned Note: The vulnerab…

Posted in r/netsec by u/oleavr • 63 points and 6 comments

List of worst passwords of the 2019 list. You can check out the list and see if your password is on the list or not.

Facebook’s Tor gateway will be out of commission for a week or two after a TLS certificate expired. “Our onion service, facebookcorewwwi.onion, is

Amazon Web Services’ AssumeRole operation accepts an optional parameter called “sts:ExternalId” which is intended to mitigate certain types of attacks. However, both the attacks t…

Hardlinks again! Yes, there are plenty of opportunities to raise your privileges due to incorrect permissions settings when combined with  hardlinks in many softwares (MS included) ;-) In this post…

Broken Links Repair Plugin disables the bad links in your content immediately upon detection by Hexometer.com scanner.

Christmas is basically in one week, and if you are like me, which means you are not keen on the idea of going into actual shops and…

Since ever I've been using HID devices on red-team assessments at Char49 - specially using Rubber Ducky and latelly with Cactus WHID. I wanted to play a little

Posted in r/netsec by u/EatonZ • 40 points and 9 comments

“This gives a potential attacker access to view cameras in somebody’s home — that’s a real serious potential invasion of privacy right there.”

I found a security vulnerability in PandoraFMS 7 Monitoring System. As an authenticated user it is possible to modify or configure alerts…

As part of Apple’s commitment to security, we reward researchers who share with us critical issues and the techniques used to exploit them.

A method to bypass a null byte in a POP-POP-RETN address for exploiting local SEH overflows via DLL injection - FULLSHADE/POPPOPRET-nullbyte-DLL-bypass